DETAILED ACTION

1. Preliminary Amendment received on 11 April 2005, has been entered into record.
In this amendment, claims 14 and 15 have been amended.

2. Claims 1-15 are presented for examination.

Priority 

3. Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which
papers have been placed of record in the file. 

4. The claim for priority from PCT/JP04/09446 filed on 2 July 2004 is duly noted. 

Specification 

5. The lengthy specification has not been checked to the extent necessary to 
determine the presence of all possible minor errors. Applicant's cooperation is 
requested in correcting any errors of which applicant may become aware in the 
specification. 

6. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code. Applicant is required to delete the embedded 
hyperlink and/or other form of browser-executable code. See MPEP § 608.01.

7. The disclosure is objected to because of the following informalities: 

a. in page 2, line 27: "be effected" should read -be affected-; 

b. in page 7, line 9: "DISCLOSRE" should read -DISCLOSURE-; 

c. in page 8, line 4: "gateway unit;" should read -gateway unit,-; 

d. in page 9, line 6: "unit; said" should read -unit, said-

Appropriate correction is required.

Claim Objections 

8. Claims 1, 4-5, 7 and 9 are objected to because of the following informalities:

a. In claim 1, line 5: "VPN client units" is unclear if it relates to "client units"
(claim 1, line 2);

b. In claim 1, lines 7-8: "unit; said method" should read -unit, said method-;

c. In claim 1, line 14: "an IP private address" is unclear if it relates to "a
private IP address" (claim 1, lines 9-10);

d. In claim 4, line 3 and claim 5, line 7: "an access control list" is unclear if it
relates to "an access control list" (claim 1, line 9);

e. In claim 5, line 14: "a communication channel" is unclear if it relates to "a 
communication channel" (claim 5, line 11); 

f. In claim 7, line 6: "the tunneling protocol configuration management 
information" lacks antecedent basis; 

g. In claim 9, line 8: "unit; said apparatus" should read -unit, said apparatus- 

h. In claim 9, lines 10-11: "the private IP address" lacks antecedent basis; 

i. In claim 9, line 16: "the IP address" lacks antecedent basis; 

j. In claim 9, line 22: "said PN client unit" should read -said VPN client unit-. 

Appropriate correction is required.

Drawings

9. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5)
because they do not include the following reference sign(s) mentioned in the 
description: step S10 (page 23, line 10), in reference to Figure 2. 

10. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4)
because:

a. reference character "S1" has been used to designate the communication
from the VPN Gateway Unit B to the Mediating Apparatus S (Figure 2), Request
for DNS Query (Figure 18), and the communication from the VPN Gateway
Function Part for Mediation Service to the Mediation Service Management Table
(Figure 21).

b. It is noted that similar designations have been made in regards to steps 
S2-S9 in Figures 2, 18 and 21. The Examiner requests that these issues be 
resolved. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to
the Office action to avoid abandonment of the application. Any amended replacement
drawing sheet should include all of the figures appearing on the immediate prior version
of the sheet, even if only one figure is being amended. Each drawing sheet submitted
after the filing date of an application must be labeled in the top margin as either
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are
not accepted by the examiner, the applicant will be notified and informed of any required
corrective action in the next Office action. The objection to the drawings will not be held
in abeyance. 

Claim Rejections - 35 USC § 103 

11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

13. Claims 1-4 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Daude et al. (US 2004/0088542 A1 and Daude hereinafter) in view of Malinen et al. (US 
2004/0266420 A1 and Malinen hereinafter). 

As to claim 1, Daude discloses a system and method for virtual private network 
crossovers based on certificates, the system and method having: 

(a) sending an access control list containing information indicative
of a private IP address assigned to said communication unit to a mediating 
apparatus (i.e. device) on said IP network from said VPN gateway unit (0044, 
lines 2, 11-13; 0046, lines 3-4); 

(b) storing said access control list by said mediating apparatus (i.e. 
routers) in correspondence to said VPN gateway unit (0044, line 2); 

(c) retrieving an IP private address corresponding to said VPN 
gateway unit (i.e. interconnecting device) in response to a request from said 
VPN client unit (0052, lines 6-9), acquiring the private IP address of the 
corresponding communication unit from said access control list, sending 
the acquired private IP address to said VPN client unit (0044, lines 4-8), 
sending the IP address of said VPN client unit to said VPN gateway unit 
(0095, lines 4-6), generating mutual authentication information (i.e. 
certificate) for setting up an authenticated encrypted tunnel between said 
client VPN unit and said gateway unit (0108, lines 9-11), and sending said
mutual authentication information to both of said VPN client unit and said 
gateway unit (0096, lines 4-8). 

Daude does not disclose: 

(d) setting up said authenticated encrypted tunnel between said VPN 
client unit and said gateway unit by use of said mutual authentication 
information, and implementing remote access through said encrypted 
tunnel by use of the private IP address of said communication unit. 

Nonetheless, this feature is well known in the art and would have been an obvious
modification of the teachings disclosed by Daude, as evidenced by Malinen. 
Malinen discloses a system and method for secure mobile connectivity, the system and 
method having: 

(d) setting up said authenticated encrypted tunnel between said VPN 
client unit and said gateway unit by use of said mutual authentication 
information, and implementing remote access through said encrypted 
tunnel by use of the private IP address of said communication unit (0004, 
lines 4-9; 0042, lines 1-3). 

Given the teaching of Malinen, a person having ordinary skill in the art at the time of the
invention would have readily recognized the desirability and advantages of modifying
the teachings of Daude with the teachings of Malinen by creating an authenticated
encrypted tunnel for remote access communications. Malinen recites motivation by
disclosing that defining a protocol for an authenticated encrypted tunnel for
communications ensures the security of transmitted information packets (0004, lines 1-4).
It is obvious that the teachings of Malinen would have improved the teachings of
Daude by creating an authenticated encrypted tunnel for communications in order to 
ensure the security of packets being transmitted. 

As to claim 2, Daude discloses: 

wherein said access control list contains attribute information about 
said VPN client unit (0007, lines 5-8). 

As to claim 3, Daude discloses:

wherein said step (a) includes a step of encrypting a communication 
channel between said mediating apparatus and said VPN gateway unit or a 
VPN gateway management unit having an authority of its management 
(0023, lines 3-5), and sending said access control list from said VPN 
gateway unit to said mediating apparatus (0044, line 2, 11-13; 0046, lines 3-4).

As to claim 4, Daude discloses: 

wherein said step (b) includes steps of: authenticating said VPN 
gateway unit by said mediating apparatus (0096, lines 4-8); 

storing an access control list for said VPN client unit sent from said 
VPN gateway unit when the authentication is successful (0044, line 2). 

14. Claims 5, 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Daude in view of Malinen as applied to claims 2 and 3 above, and further in view of
Sutanto (US 2003/0039240 A1).

As to claim 5, Daude, combined with Malinen, discloses:

wherein said step (c) includes the steps of: (c-0) on receiving a 
request for retrieval of an IP address assigned to said VPN gateway unit 
from said VPN client unit, verifying whether said VPN client unit has an
authority of access to said VPN gateway unit (0052, lines 4-6); 

only when said VPN client unit has said access authority, (c-1) 
referring to an access control list, and acquiring the private IP address 
assigned to said communication unit (0044, lines 4-8); 

(c-3) encrypting a communication channel between said mediating 
apparatus and said VPN client unit (0023, lines 3-5), and sending the IP 
address of said VPN gateway unit and the private IP address of said 
communication unit to said VPN client unit (0044, lines 4-8; 0052, lines 6-9); 

(c-4) encrypting a communication channel between said mediating 
apparatus and said VPN gateway unit (0023, lines 3-5), and sending to said 
VPN gateway unit a global IP address of said VPN gateway unit and said 
attribute information about said VPN client unit described in said access 
control list (0044, lines 2, 11-13; 0046, lines 3-4; 0052, lines 6-9); 

said step (d) including the steps of: (d-1) generating said mutual 
authentication information for authentication between said VPN client unit 
and said VPN gateway unit (0108, lines 9-11); 

(d-2) encrypting the communication channel between said mediating 
apparatus and said VPN client unit (0023, lines 3-5), and sending to said 
VPN client unit information necessary for mutual authentication between 
said mediating apparatus and said VPN gateway unit (0044, lines 4-8; 0052, 
lines 6-9); 

(d-3) encrypting the communication channel between said mediating
apparatus and said VPN gateway unit (0023, lines 3-5), and sending to said 
VPN gateway unit information necessary for mutual authentication between 
said mediating apparatus and said VPN client unit (0044, lines 2, 11-13; 
0046, lines 3-4; 0052, lines 6-9). 

Daude in view of Malinen does not disclose: 

(c-2) searching a domain name server to acquire the IP address 
assigned to said VPN gateway unit. 

Nonetheless, this feature is well known in the art and would have been an obvious
modification of the teachings disclosed by Daude in view of Malinen, as evidenced by
Sutanto.

Sutanto discloses a system and method for accessing an embedded web server on a 
broadband access terminal, the system and method having: 

(c-2) searching a domain name server to acquire the IP address 
assigned to said VPN gateway unit (0041, lines 1-2, 7-11).

Given the teaching of Sutanto, a person having ordinary skill in the art at the time of the
invention would have readily recognized the desirability and advantages of modifying
the teachings of Daude in view of Malinen with the teachings of Sutanto by using a
domain name server to obtain a device's IP address. Sutanto recites motivation by
disclosing that communications can be monitored by identifying a dynamic host
configuration protocol packet directed to a user terminal, which can be accomplished
with the IP address of a domain name server or gateway (0006, lines 1-4, 10-16). It is
obvious that the teachings of Sutanto would have improved the teachings of Daude in
view of Malinen by using a domain name server to obtain an IP address so that 
communications can be monitored. 

As to claim 7, Daude in view of Malinen does not disclose: 

wherein: said step (c) includes wherein said VPN client unit captures 
a DNS query transferred from an in-unit application or another VPN client 
unit, then collates the source address and contents of said query with 
filtering conditions, and, if they match the conditions, converts said query 
to a query to said mediating apparatus; 

said step (d) includes a step setting/updating the tunneling protocol 
configuration management information on the basis of an answer to said 
query; 

said step (e) includes a step of initializing the tunnel as required, 
passing the private IP address of the communication unit specified by said 
mediating unit, as the result of said DNS query, to the application of the 
query source. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the teachings disclosed by Daude in view of Malinen, as evidenced by 
Sutanto. 

Sutanto discloses: 

wherein: said step (c) includes wherein said VPN client unit captures
a DNS query transferred from an in-unit application or another VPN client 
unit, then collates the source address (i.e. MAC address) and contents of 
said query with filtering conditions, and, if they match the conditions, 
converts said query to a query to said mediating apparatus (i.e. DNS server) 
(0031, lines 3-13); 

said step (d) includes a step setting/updating the tunneling protocol 
configuration management information (i.e. HTTP request) on the basis of 
an answer to said query (0032, lines 14-18);

said step (e) includes a step of initializing the tunnel as required, 
passing the private IP address of the communication unit specified by said 
mediating unit, as the result of said DNS query, to the application of the 
query source (i.e. user terminal) (0031, lines 13-16). 

Given the teaching of Sutanto, a person having ordinary skill in the art at the time of the
invention would have readily recognized the desirability and advantages of modifying
the teachings of Daude in view of Malinen with the teachings of Sutanto by intercepting
a DNS query and using the resultant information to create a tunnel. Sutanto recites
motivation by disclosing that hijacking a DNS query allows for access to diagnostic web
pages (0003, lines 10-11) and that creating communications based on the result allows
requests for websites to be sent to the IP address through the gateway (0031, lines 16-18).
It is obvious that the teachings of Daude in view of Malinen would have benefited
from the teachings of Sutanto by intercepting DNS queries and creating a
communication line accordingly in order to provide for a way to access diagnostic web
pages and provide for website requests through a gateway. 

As to claim 8, Daude, combined with Malinen and Sutanto, discloses: 

wherein said step (c) wherein said VPN client unit issues a certificate 
by an SPKI scheme (0069, lines 2-4; 0081, lines 3-5), and another VPN client 
unit having received said certificate (0069, lines 6-8) sends to said 
mediating apparatus a request for retrieval of the IP address assigned to 
said VPN gateway unit (0052, lines 6-9). The examiner asserts that the SPKI 
scheme is another way to perform authentication using public keys and that it 
would have been obvious to use the SPKI scheme to modify the usage of public 
keys in the teachings of Daude to obtain the claimed invention. 

15. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Daude in 
view of Malinen and Sutanto as applied to claim 5 above, and further in view of 
Haverinen et al. (US 2004/0208151 A1 and Haverinen hereinafter). 

As to claim 6, Daude in view of Malinen, combined with Sutanto, discloses:

wherein, at the time of setting up the encrypted tunnel between said 
VPN client unit and said VPN gateway unit, said VPN gateway unit performs 
at least one of (0004, lines 4-9; 0042, lines 1-3): a function of determining the 
private IP address to be given to said VPN client unit on the basis of said 
attribute information on said VPN client unit sent from said mediating 
apparatus, and giving the determined private IP address to said VPN client
unit; a function of determining a VLAN to be accommodated on the basis of 
said attribute information about said VPN client unit, a gateway address, an 
internal DNS address, a WINS server address, etc.; a function of changing 
packet filtering setting of said VPN gateway unit on the basis of said 
attribute information (i.e. ACL) (0062, lines 8-11) in order to prevent spoofed 
packets from reaching the VPN gateway or home agent, as recited by Malinen 
(0062, lines 8-9, 11-13). It is obvious that the teachings of Daude and Sutanto
would have benefited from the teachings of Malinen by creating a tunnel that 
filters spoofed packets in order to prevent the spoofed packets from reaching the 
gateway or home agent. 

Daude in view of Malinen and Sutanto does not disclose: 

wherein when the tunnel established between said VPN gateway unit 
and said VPN client unit is disconnected or no communication has been 
conducted via said tunnel for a predetermined period of time, said VPN 
gateway unit performs tunnel cleanup processing, processing for returning 
the private IP address assigned to said VPN client unit, and restoring the 
setting of the packet filtering of said VPN gateway unit used for said VPN 
client unit concerned. 

Nonetheless, this feature is well known in the art and would have been an obvious
modification of the teachings disclosed by Daude in view of Malinen and Sutanto, as
evidenced by Haverinen.

Haverinen discloses a system and method for authentication in a wireless
telecommunications system, the system and method having: 

wherein when the tunnel established between said VPN gateway unit 
and said VPN client unit is disconnected or no communication has been 
conducted via said tunnel for a predetermined period of time, said VPN 
gateway unit performs tunnel cleanup processing, processing for returning 
the private IP address assigned to said VPN client unit, and restoring the 
setting of the packet filtering of said VPN gateway unit used for said VPN 
client unit concerned (0043, lines 33-41). 

Given the teaching of Haverinen, a person having ordinary skill in the art at the time of
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of Daude in view of Malinen and Sutanto with the teachings of 
Haverinen by restoring the packet filtering when a tunnel becomes unused. Haverinen 
recites motivation by disclosing that a record of device connections is kept along with 
packet transfer information for the purposes of billing (0043, lines 41-46), necessitating 
that authentication be performed regularly to reflect usage. If authentication fails, the 
device is not allowed access (i.e. original state). The examiner asserts that if 
authentication is attempted without a connection, the process will fail and the device will 
no longer be allowed access. It is obvious that the teachings of Daude in view of 
Malinen and Sutanto would have benefited from the teachings of Haverinen by resetting 
filtering information if a connection is lost or unused in order to allow for the tracking of
device connections.

16. Claims 9-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Daude in view of Sutanto. 

As to claim 9, Daude discloses a system wherein: VPN client units and a VPN 
gateway unit are connected to the IP network (100, 110, 120, 160, Figure 1);
communication units (i.e. component) are connected to a local area network
placed under the management of the VPN gateway unit (0080, lines 1-4); and a
remote-access VPN by a tunneling protocol is implemented between an arbitrary 
one of said VPN client units and said VPN gateway unit connected to said IP 
network and an arbitrary one of said communication units connected to said local 
area network placed under the management of said VPN gateway unit (0076, lines 
1-3); said apparatus comprising: 

ACL storage means for storing an access control list, hereinafter 
referred to as ACL, sent from said VPN gateway unit and containing 
information indicative of the private IP address assigned to said 
communication unit (0044, lines 2, 11-13; 0046, lines 3-4); 

authentication/access authorization control means for authenticating 
said VPN client unit and said gateway unit, and for executing access 
authorization control (0052, lines 4-6); 

authentication information generating means for generating mutual 
authentication information for setting up an encrypted tunnel between said 
VPN client unit and said VPN gateway unit (0108, lines 9-11);

communication means for sending the IP address of said VPN
gateway unit, the private IP address of said communication unit and said 
mutual authentication information to said VPN client unit (0044, lines 4-8), 
and for sending the IP address of said PN client unit and said mutual 
authentication information to said VPN gateway unit (0095, lines 4-6). 

Daude does not disclose:

IP address acquiring means for referring to said access control list 
to acquire the private IP address assigned to said communication unit, and 
for searching a domain name server to acquire the IP address assigned to 
said VPN gateway unit. 

Nonetheless, this feature is well known in the art and would have been an obvious
modification of the teachings disclosed by Daude, as evidenced by Sutanto.

Sutanto discloses:

IP address acquiring means for referring to said access control list 
to acquire the private IP address assigned to said communication unit 
(0003, lines 4-6, 15-16), and for searching a domain name server to acquire 
the IP address assigned to said VPN gateway unit (0006, lines 7-9). 

Given the teaching of Sutanto, a person having ordinary skill in the art at the time of the
invention would have readily recognized the desirability and advantages of modifying
the teachings of Daude with the teachings of Sutanto by retrieving an IP address of a
client from an access control unit and an IP address of a gateway from a domain name
server. Sutanto recites motivation by disclosing that retrieving an IP address from a
server (i.e. list) allows connection when the WAN link is not available when the
broadband access terminal is powered up (0003, lines 10-16). Please also refer to the 
motivation as recited above in respect to claim 5 as to why it is obvious to apply the 
teachings of Sutanto to the teachings of Daude. 

As to claim 10, Daude discloses: 

wherein said communication means includes encryption means for 
encrypting communications between said mediating apparatus and said 
VPN client unit, and communications between said mediating apparatus 
and said VPN gateway unit (0023, lines 3-5). 

As to claims 11 and 12, Daude discloses:

wherein said authentication/access authorization control means: 
authenticates said VPN client unit (0096, lines 4-8); 

causes said mutual authentication information generating means to 
generate said mutual authentication information (0108, lines 9-11); 

causes said communication means to send the acquired IP address, 
the private IP address assigned to said communication means, and said 
generated mutual authentication information to said VPN client unit (0044, 
lines 4-8). 

Daude does not disclose:

only when the authentication is successful, causes said IP address
acquiring means to query the domain name server about the IP address 
assigned to said VPN gateway unit and acquire said IP address. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by Daude, as evidenced by Sutanto. 

Sutanto discloses:

only when the authentication is successful, causes said IP address
acquiring means to query the domain name server about the IP address
assigned to said VPN gateway unit and acquire said IP address (0041, lines
1-2, 7-11)

Given the teaching of Sutanto, a person having ordinary skill in the art at the time of the 
invention would have readily recognized the desirability and advantages of modifying 
the teachings of Daude with the teachings of Sutanto by using a domain name server to 
retrieve the IP address of the gateway. Please refer to the motivation recited above in 
respect to claim 5 as to why it is obvious to apply the teachings of Sutanto to the 
teachings of Daude. 

As to claim 13, Daude discloses: 

wherein said authentication/access authority control means: 
authenticates said VPN gateway unit (0096, lines 4-8); 

only when the authentication is successful, causes said
communication means to send the IP address assigned to said VPN client
unit and said mutual authentication information to said VPN gateway unit
(0096, lines 4-8).

Application/Control Number: 10/526,935
Art Unit: 2131

As to claim 14, Daude discloses: 

wherein said authentication/access authorization control means 
authenticates said VPN client unit and said VPN gateway unit by an SPKI 
(Simple Public Key Infrastructure) scheme, and/or executes access 
authorization control (0052, lines 4-6; 0081, lines 3-5). The examiner asserts
that the SPKI scheme is another way to perform authentication using public keys 
and that it would have been obvious to use the SPKI scheme to modify the usage 
of public keys in the teachings of Daude to obtain the claimed invention. 

As to claim 15, Daude discloses: 

wherein said authentication/access authorization control means 
authenticates said VPN client unit and said VPN gateway unit by a PKI 
(Public Key Infrastructure) scheme (0052, lines 4-6; 0081, lines 3-5). The 
examiner asserts that the PKI scheme is another way to perform authentication 
using public keys and that it would have been obvious to use the PKI scheme to 
modify the usage of public keys in the teachings of Daude to obtain the claimed 
invention. 

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Sarah Su whose telephone number is (571) 270-3835. 
The examiner can normally be reached on Monday through Friday 7:30AM-5:00PM 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Sarah Su/ 

Examiner, Art Unit 2131 

/Christopher A. Revak/ 
Primary Examiner, Art Unit 2131 



